Authentication and Access Control Best Practices for Healthcare Systems

Securing EHR’s continue to be a huge problem for all health care organizations. The security of this highly sensitive information will continue to be a short and long term goal for every organization that deals with healthcare information. Authentication of the systems that holds this information and the proper access controls for this sensitive information are the top concerns for any organization dealing with electronic health records. The United States has made the handlingof health information through electronic systems, a very important goal, but completely securing the information is nearly impossible. When dealing with authentication there are usually three methods to provide this, which is to ask the person something they know (Password, pin, etc), or something they are (Fingerprint, retina, face) or something the use has (Key fob, smart card, etc).When it comes down to access to this sensitive information this should directly be tied to the role of the person, and the policy should be based off who need what information to do their job.